> AppArmor's Overall Design
> =========================
>
> AppArmor protects systems from vulnerable software by confining
> processes, giving them "least privilege" access to the system's
> resources: with least privilege, processes are allowed exactly what they
> need, nothing more, and nothing less. Systems are thus protected from
> bugs in applications that would lead to privilege escalation, such as
> remote system access because of a buffer overflow in a web server, etc.
>
> AppArmor does this by defining application profiles which list allowed
> accesses, and assigning those profiles to processes. AppArmor does *not*

You can do the same with ptrace. If that's not fast enough... improve ptrace?

> The corollary to this is that attacks against AppArmor that start with
> "assume some unconfined process does ..." are outside the AppArmor
> threat model. Any process that might do something malicious to an

IOW AppArmor is broken by design. (One reason is: operations by unconfined processes that did not use to be security sensitive before -- ln shadow random_name -- are security sensitive now.)